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Know your threats to build organizational resilience 


Know your threats to build 


organizational resilience 


Today’s networks are transforming rapidly as more 
and more applications, workloads, and data are 
moving to the cloud. And with the increasingly 
mobile workforce and hybrid work models being 
used globally, rising numbers of users and devices 
are accessing networks remotely. All these changes 
open your organization up to greater security risk. 
With increased risk comes the need for increased 
resilience, but what threats should you be concerned 
with and what investments should you make to 
address them? 
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“Gartner predicts that by 2026, organizations 

prioritizing their security investments based ona 
continuous threat exposure management (CTEM) 
program will suffer two-thirds fewer breaches.” 


To maintain a strong security posture and effectively 
manage security issues, you must understand the 
threats you face and regularly test for gaps in your 
mitigative and detective controls. Protecting your 
infrastructure, devices, data, and employees from 
hackers requires the capability to detect, restrict, and 
respond to attacks across them all. Once an attacker 
has penetrated, recovery can be a long, drawn-out 
process. These events can result in financial loss, 
compromised data, and damage to your reputation. 


So how can you stay ahead of the bad actors? 
You need outcomes that help you: 


Know where you stand by discovering, 
prioritizing, and addressing shortcomings and 
gaps 


Maintain optimal security health by continually 
testing your security controls 


Strengthen your internal security team by 
measuring their response to threats 


Do you have the in-house skillsets you need to know 
your weaknesses and maintain a vigilant security 
posture? Cisco® can help. 


'Gartner, Gartner Identifies the Top Cybersecurity Trends for 2023 
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Outcomes 


Awareness. Vulnerability 
assessments and attack simulations 
highlight the weaknesses attackers 
use to compromise your organization, 
giving you the knowledge you need to 
address them effectively. 


Competitive edge. Instead of 
assuming you’ve made the right 
security investments, you can become 
a data-driven organization and 
measure them. 


Confidence. By knowing and 
addressing your security weaknesses, 
you are working to prevent future 
attacks and helping to reduce risk, 
avoid regulatory fines, and prevent 
breaches that could potentially 

be catastrophic. 


Remediation. Cisco can help you 
accelerate the closure of issues 
that may affect your organization’s 
resilience. 


Experience. With 35+ years of 
experience plus countless awards and 
accolades for our security experts, 
services, and products, Cisco is on 
your side providing industry-leading 
security expertise. 
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Service details 
Threat Modeling 


Threat Modeling is an exercise which looks at your key business functions, assets, and data. Using 
threat intelligence information it builds models of how your organization might be impacted by a 
cyber incident. This is used to identify the mitigative and detective controls that should be in place. 
Threat modeling is usually followed up with a controls gap assessment that takes the “should be 

in place” from the Threat Model and assesses whether a control currently exists and is functioning 
as expected. A controls gap assessment may take the form of a Security Architecture Assessment 
(mitigative controls), a Security Operations Assessment (detective controls) or a Threat Simulation 
exercise such as a Red Team (both mitigative and detective controls). 


Threat Mitigation: Security Architecture Assessment 


Once you know the threats you face, you need to ensure that the mitigations to them are appropriate 
and functioning as expected. Cisco’s Security Architecture Assessment, which looks at people, 
processes, and technologies, can be used to look holistically at your organization. It can also be 
used to target specific functional areas such as Network, Cloud, Application, or loT/OT architectures 
or your DevOps function. 


Threat Detection: Security Operations Assessment 


In an ideal world, all the threats you face can be mitigated. But unless you have the ability to detect 
them, you cannot know that your mitigations are working as expected or initiate a response should 
they fail. Our Security Operations Assessment looks at your detective capabilities as aligned to the 
threats you face, allowing you to understand any gaps you have and help remediate them. 


Threat Simulation: Red Team 


Red Team Threat Simulation models a real-world cyberattack, but in a controlled manner. During a 
Red Team engagement, our security experts use cutting-edge hacking techniques and unique 
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Service options 


Threat readiness 


Threat Modeling 
Red Team Threat Simulation 


Penetration Testing (internal and 
external network, application and 
cloud, loT/OT) 


Build resilience 


Security Architecture Assessment 
(network, cloud, application, 
and loT/OT) 


Device Configuration and Build 
Review 


DevOps Security Assessment 


Security Operations Assessment 


proprietary and public tools to test your defenses against specific and relevant threats. Our 
objectives are to replicate real-world attack scenarios, assess the effectiveness of many layers 
of your security controls in preventing and limiting breaches, and identify any weaknesses. The 
information gained will help you drive future security investment where you most need it. 


Penetration Testing 


Penetration tests assess weaknesses in specific assets or solutions, uncovering vulnerabilities often 
missed by vulnerability scanning. This is in contrast to the scenario-driven approach of a Red Team 
exercise. Internal and External Network Penetration Testing provide a practical security evaluation 
of a specific network by trying to gain access to valuable systems and data in an attempt to identify 
exploitable vulnerabilities. Application Penetration Testing identifies flaws in application logic or 
implementation by attempting to gain access to the underlying server or database, bypassing 
authentication and authorization and testing for injection vulnerabilities. loT/OT Penetration Testing 
focuses on the physical presence of operational technology. 


Why Cisco? 


Cisco is a top leader in network security. Based on extensive training, sophisticated tools, and 35+ 
years of experience designing, implementing, and securing some of the most complex networks in 
the world, we have developed proven methodologies for actively assessing your infrastructure and 
designing a security solution that aligns with your business goals and successfully closes 

security gaps. 


Next steps 


To learn more, visit www.cisco.com/go/as or contact your Cisco sales representative or authorized 
partner for assistance. 


